Description:
------------
Tiff Tag SubIFD (330) ONLY works is there is a single SubIFD, but the Tiff
specifications state that SubIFDs is an array of IFDs of size tag_count.
If num_sub_ifd > 1, the tag long value is an offset to a sequence of longs,
themselves representing the offsets of each SubIFD.
In the source (ext/exif/exif.c) method exif_process_IFD_in_TIFF assumes that the
tag long value always points to ONE SubIFD (lines 3693 and 3698).
Effects:
1) If there is more than 1 SubIFD, the tiff parser will incorrectly be jumping
around in the file, potentially printing TONS of warnings
2) exif_thumbnail() does NOT work for Nikon nef files
Test script:
---------------
Download the 2 nef files (nikon nefs are tiff files) below:
http://nefarious.timotheegroleau.com/tests/dsc_2317.nefhttp://nefarious.timotheegroleau.com/tests/out.nef
Run the following scripts from a php 5.3.6:
php -r 'var_dump(exif_read_data("dsc_2317.nef"));' 2>&1 |less
php -r 'var_dump(exif_read_data("out.nef"));' 2>&1 |less
Notice the single warning for dsc_2317.nef, as the parser is quickly encountering an invalid entry, but notice also the ~39k warnings spat out for out.nef.
Note: I recommend enabling EXIF_DEBUG for this, to see the offsets printed (note btw that there's a compilation error with EXIF_DEBUG on, which I've commented out for my tests)
Expected result:
----------------
exif data returned, with no warnings when the input tiff file has multiple
SubIFDs
Actual result:
--------------
exif data is returned, but based on the the input tiff, and where the SubIFD
offset sends the parser, there can be *A LOT* of warnings being thrown.

Patches

Pull Requests

History

Hey!
I did a fix for bug #72735, which is committed to git in the master branch (PHP-7.2), could you please test if that fix partially fixed some of this bug?

[2016-08-14 04:22 UTC] php-bugs at lists dot php dot net

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.